This Ansible role generates TLS certificates for HashiCorp Nomad using the built-in nomad tls commands. It creates a self-signed certificate authority (CA), a server certificate, a client certificate, and a CLI certificate. The certificates are stored in the specified directory.
- Automated TLS Certificate Creation: Automatically generates Nomad TLS certificates (CA, server, client, and CLI certificates) using the
nomad tlscommands. - Customizable Directory: Certificates can be stored in a directory of your choice by overriding the
nomad_tls_certificates_directoryvariable. - Idempotent Execution: Each certificate creation task checks if the certificate already exists and skips the task if the certificate is already present, ensuring that the role can be run multiple times without overwriting existing files
- The
nomadCLI must be installed on the target machine where this role is being executed.
Here are the role variables and their default values. You will need to override them in your playbook or inventory to suit your environment:
| Variable | Description | Default |
|---|---|---|
| nomad_tls_certificates_directory | Path to the directory where certificates will be stored. Defaults to the playbook's directory. | "{{ playbook_dir }}" |
- hosts: servers
become: true
roles:
- role: dsegurag.nomad_tls_certificates
vars:
nomad_tls_certificates_directory: "/etc/nomad/tls"- Nomad CLI: The
nomadCLI is required to create the TLS certificates. If Nomad is not installed on your target machine, you can use this Ansible role to install Nomad easily.
MIT License
This role was created by Daniel Segura.